Anders Kaseorg
4a88e2a732
semgrep: Ban eval.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-26 12:35:40 -07:00
Anders Kaseorg
48719cb8c4
message_send: Avoid unchecked cast.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-23 13:30:09 -07:00
Anders Kaseorg
cf6981eef0
lint: Remove other rules about percent formatting.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 16:24:46 -07:00
Anders Kaseorg
f364d06fb5
python: Convert percent formatting to .format for translated strings.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-15 16:24:46 -07:00
Anders Kaseorg
769e198ab0
lint: Prohibit percent formatting on literal format strings.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-14 23:27:22 -07:00
Anders Kaseorg
1ed2d9b4a0
logging: Use logging.exception and exc_info for unexpected exceptions.
...
logging.exception() and logging.debug(exc_info=True),
etc. automatically include a traceback.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-14 23:27:22 -07:00
Anders Kaseorg
674158b817
migrations: Escape more pedantically in pgroonga.0003_v2_api_upgrade.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-13 21:50:37 -07:00
Anders Kaseorg
0cc897d08d
migrations: Escape more pedantically in pgroonga.0001_enable.
...
The psycopg2.SQL API unfortunately doesn’t work with
django.db.migrations.RunSQL, so we need to take a detour into
PL/pgSQL for EXECUTE and format.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-13 21:50:37 -07:00
Anders Kaseorg
0d6c771baf
python: Guard against default value mutation with read-only types.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-13 15:31:27 -07:00
Anders Kaseorg
5ad33c9d62
install-semgrep: Upgrade semgrep to 0.9.0.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-05 09:35:11 -07:00
Aman Agrawal
0504c61bfd
semgrep: Use pattern-where-python operator to filter patterns.
...
See https://github.com/returntocorp/semgrep/blob/experimental/docs/config/advanced.md#pattern-where-python for usage.
This helps us minimize duplication of similar patterns.
2020-05-20 09:37:26 -07:00
Anders Kaseorg
b501d04f6a
semgrep: Lint against common SQL injection patterns.
...
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-04 09:35:30 -07:00
Anders Kaseorg
bdc365d0fe
logging: Pass format arguments to logging.
...
https://docs.python.org/3/howto/logging.html#optimization
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-02 10:18:02 -07:00
Aman Agrawal
9089fd5b08
semgrep: Remove unrequired file exclude.
...
This file doesn't contain any matching pattern which violates the
rule.
2020-05-01 11:08:47 -07:00
Aman Agrawal
af0c267cd4
semgrep: Move migrations import check lint rule to semgrep.
...
We change how a few imports in migrations are done to be easier to
lint and more consistent with our typical import style.
2020-05-01 11:07:53 -07:00
Aman Agrawal
8e29c88beb
semgrep: Add rule to enforce no use of stream.objects.filter.
2020-05-01 11:01:14 -07:00
Aman Agrawal
06c831f146
semgrep: Reformat and correct doc link.
2020-05-01 11:01:14 -07:00
Aman Agrawal
5ab62a3514
sgrep/semgrep: Upgrade and rename sgrep to semgrep.
...
With its new upgrade, sgrep has been renamed to semgrep.
Rename sgrep.yml to semgrep.yml
2020-05-01 11:01:14 -07:00